Patient Information, Patient Trust and the New Generation Hacker

The nightly news presented some startling facts about HIT and patient privacy in prime time. To someone who is an HIT advocate, the news was disheartening. You may have seen the report; “Are your medical records really confidential”. I cringed as I thought about the millions of Americans sitting on their couch thinking about the security of their own personal information. I also thought about the thousands of Americans that are working so hard to educate, train and implement HIT in health care systems across this country.

The report simply stated that medical information is being stolen and sold to the highest bidder on the web. In the past, I always pictured these hackers (like you see in the movies) tapping into the HIE and stealing confidential information. This report did not mention that kind of hacker. They reported that the culprits ( new generation hackers) are within the medical practices; employees (could be employers in some cases) who download the info and sell to sources for illegal trade. This raises the question who would want this information? The report points to stake holders of the medical system; vendors and businesses that can use this medical data to target specific customers and optimize their sells by customizing their marketing and advertising schemes.

For those of you who work so hard to build a viable industry, this is a slap in the face. The health care system that is so adamant about the adoption of HIT, is cannibalizing its own efforts. If there was not demand for this information, then there would not be any need to steal. The guilty employees and stakeholders must not understand how this undermines everything that they work (or steal) for. It is amazing that with all of this technology it is still a people issue. We always say that the technology is a tool which can be used in multiple ways and for good or bad purposes. However, it is apparent that without the new technology these thieves would not be enabled to pursue this opportunity. Every innovation gets its own SWOT analysis and so does HIT unfortunately.

I could spend more time talking about this but I think I will go contemplate what this means. I hope you will too. Let’s think about the implications of these actions and how do we rebuild the confidence of the public. What additional measures do we need to put in place? It seems to me that this is not really a technical issue at this point. Does the privacy and security need to be more focused on the people who are working with the technology than the technology itself?  Do we need security cameras and lie detectors within practices and hospitals which will add more expense to the cost of EHR? I hope not.

I’m baffled, and I hope you are too.

One comment Add your comment


September 14th, 2012
11:57 pm

What most People do not realize is that if you are a patient of a small medical practice you are more exposed than ever. More than 80% of the medical offices in ATLANTA’s Medical offices, the physician employer has never performed a background check of their employees and unaware of any and all criminal offenses. This is the area where your private and medical is most vulnerable. The employee turnover is far more prevalent and these employees rotate from office to office, specialty to specialty with very little real information known by the individuals that have been hired.

More than 90% of these physician employers do not ask or require of their new hires
to have a pre-employment physical exam and virtually no DRUG SCREENING at ALL. There is no type of random drug screening once they are hired.
Think about that for minute. Really scary!